<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>esapi.http_utilities</title>
  <link rel="stylesheet" href="epydoc.css" type="text/css" />
  <script type="text/javascript" src="epydoc.js"></script>
</head>

<body bgcolor="white" text="black" link="blue" vlink="#204080"
      alink="#204080">
<h1 class="epydoc">Source Code for <a href="esapi.http_utilities-module.html">Module esapi.http_utilities</a></h1>
<pre class="py-src">
<a name="L1"></a><tt class="py-lineno">  1</tt>  <tt class="py-line"><tt class="py-comment">#!/usr/bin/python</tt> </tt>
<a name="L2"></a><tt class="py-lineno">  2</tt>  <tt class="py-line"><tt class="py-comment"># -*- coding: utf-8 -*-</tt> </tt>
<a name="L3"></a><tt class="py-lineno">  3</tt>  <tt class="py-line"> </tt>
<a name="L4"></a><tt class="py-lineno">  4</tt>  <tt class="py-line"><tt class="py-docstring">"""</tt> </tt>
<a name="L5"></a><tt class="py-lineno">  5</tt>  <tt class="py-line"><tt class="py-docstring">@license: OWASP Enterprise Security API (ESAPI)</tt> </tt>
<a name="L6"></a><tt class="py-lineno">  6</tt>  <tt class="py-line"><tt class="py-docstring">     </tt> </tt>
<a name="L7"></a><tt class="py-lineno">  7</tt>  <tt class="py-line"><tt class="py-docstring">    This file is part of the Open Web Application Security Project (OWASP)</tt> </tt>
<a name="L8"></a><tt class="py-lineno">  8</tt>  <tt class="py-line"><tt class="py-docstring">    Enterprise Security API (ESAPI) project. For details, please see</tt> </tt>
<a name="L9"></a><tt class="py-lineno">  9</tt>  <tt class="py-line"><tt class="py-docstring">    U{http://www.owasp.org/index.php/ESAPI&lt;http://www.owasp.org/index.php/ESAPI&gt;}.</tt> </tt>
<a name="L10"></a><tt class="py-lineno"> 10</tt>  <tt class="py-line"><tt class="py-docstring"></tt> </tt>
<a name="L11"></a><tt class="py-lineno"> 11</tt>  <tt class="py-line"><tt class="py-docstring">    The ESAPI is published by OWASP under the BSD license. You should read and </tt> </tt>
<a name="L12"></a><tt class="py-lineno"> 12</tt>  <tt class="py-line"><tt class="py-docstring">    accept the LICENSE before you use, modify, and/or redistribute this software.</tt> </tt>
<a name="L13"></a><tt class="py-lineno"> 13</tt>  <tt class="py-line"><tt class="py-docstring">    </tt> </tt>
<a name="L14"></a><tt class="py-lineno"> 14</tt>  <tt class="py-line"><tt class="py-docstring">@summary: The HTTPUtilities interface is a collection of methods that provide </tt> </tt>
<a name="L15"></a><tt class="py-lineno"> 15</tt>  <tt class="py-line"><tt class="py-docstring">    additional security related to HTTP requests, responses, sessions, cookies,</tt> </tt>
<a name="L16"></a><tt class="py-lineno"> 16</tt>  <tt class="py-line"><tt class="py-docstring">    headers, and logging.</tt> </tt>
<a name="L17"></a><tt class="py-lineno"> 17</tt>  <tt class="py-line"><tt class="py-docstring">@copyright: Copyright (c) 2009 - The OWASP Foundation</tt> </tt>
<a name="L18"></a><tt class="py-lineno"> 18</tt>  <tt class="py-line"><tt class="py-docstring">@author: Craig Younkins (craig.younkins@owasp.org)</tt> </tt>
<a name="L19"></a><tt class="py-lineno"> 19</tt>  <tt class="py-line"><tt class="py-docstring">"""</tt> </tt>
<a name="L20"></a><tt class="py-lineno"> 20</tt>  <tt class="py-line"> </tt>
<a name="L21"></a><tt class="py-lineno"> 21</tt>  <tt class="py-line"><tt class="py-comment"># Todo</tt> </tt>
<a name="L22"></a><tt class="py-lineno"> 22</tt>  <tt class="py-line"><tt class="py-comment"># Update the @return of get_file_uploads once we know what happens with Java File objects.</tt> </tt>
<a name="L23"></a><tt class="py-lineno"> 23</tt>  <tt class="py-line"> </tt>
<a name="HTTPUtilities"></a><div id="HTTPUtilities-def"><a name="L24"></a><tt class="py-lineno"> 24</tt> <a class="py-toggle" href="#" id="HTTPUtilities-toggle" onclick="return toggle('HTTPUtilities');">-</a><tt class="py-line"><tt class="py-keyword">class</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html">HTTPUtilities</a><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities-collapsed" style="display:none;" pad="+++" indent="++++"></div><div id="HTTPUtilities-expanded"><a name="L25"></a><tt class="py-lineno"> 25</tt>  <tt class="py-line">    <tt class="py-docstring">"""</tt> </tt>
<a name="L26"></a><tt class="py-lineno"> 26</tt>  <tt class="py-line"><tt class="py-docstring">    The HTTPUtilities interface is a collection of methods that provide</tt> </tt>
<a name="L27"></a><tt class="py-lineno"> 27</tt>  <tt class="py-line"><tt class="py-docstring">    additional security related to HTTP requests, responses, sessions,</tt> </tt>
<a name="L28"></a><tt class="py-lineno"> 28</tt>  <tt class="py-line"><tt class="py-docstring">    cookies, headers, and logging.</tt> </tt>
<a name="L29"></a><tt class="py-lineno"> 29</tt>  <tt class="py-line"><tt class="py-docstring">    </tt> </tt>
<a name="L30"></a><tt class="py-lineno"> 30</tt>  <tt class="py-line"><tt class="py-docstring">    @author: Craig Younkins (craig.younkins@owasp.org)</tt> </tt>
<a name="L31"></a><tt class="py-lineno"> 31</tt>  <tt class="py-line"><tt class="py-docstring">    """</tt> </tt>
<a name="L32"></a><tt class="py-lineno"> 32</tt>  <tt class="py-line">     </tt>
<a name="L33"></a><tt class="py-lineno"> 33</tt>  <tt class="py-line">    <tt id="link-0" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME=esapi.http_utilities.HTTPUtilities-class.html#REMEMBER_TOKEN_COOKIE_NAME"><a title="esapi.http_utilities.HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME" class="py-name" href="#" onclick="return doclink('link-0', 'REMEMBER_TOKEN_COOKIE_NAME', 'link-0');">REMEMBER_TOKEN_COOKIE_NAME</a></tt> <tt class="py-op">=</tt> <tt class="py-string">"rtoken"</tt> </tt>
<a name="L34"></a><tt class="py-lineno"> 34</tt>  <tt class="py-line">    <tt id="link-1" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.MAX_COOKIE_LEN=esapi.http_utilities.HTTPUtilities-class.html#MAX_COOKIE_LEN"><a title="esapi.http_utilities.HTTPUtilities.MAX_COOKIE_LEN" class="py-name" href="#" onclick="return doclink('link-1', 'MAX_COOKIE_LEN', 'link-1');">MAX_COOKIE_LEN</a></tt> <tt class="py-op">=</tt> <tt class="py-number">4096</tt> <tt class="py-comment"># From RFC 2109</tt> </tt>
<a name="L35"></a><tt class="py-lineno"> 35</tt>  <tt class="py-line">    <tt id="link-2" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.MAX_COOKIE_PAIRS=esapi.http_utilities.HTTPUtilities-class.html#MAX_COOKIE_PAIRS"><a title="esapi.http_utilities.HTTPUtilities.MAX_COOKIE_PAIRS" class="py-name" href="#" onclick="return doclink('link-2', 'MAX_COOKIE_PAIRS', 'link-2');">MAX_COOKIE_PAIRS</a></tt> <tt class="py-op">=</tt> <tt class="py-number">20</tt> <tt class="py-comment"># From RFC 2109</tt> </tt>
<a name="L36"></a><tt class="py-lineno"> 36</tt>  <tt class="py-line">    <tt id="link-3" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.CSRF_TOKEN_NAME=esapi.http_utilities.HTTPUtilities-class.html#CSRF_TOKEN_NAME"><a title="esapi.http_utilities.HTTPUtilities.CSRF_TOKEN_NAME" class="py-name" href="#" onclick="return doclink('link-3', 'CSRF_TOKEN_NAME', 'link-3');">CSRF_TOKEN_NAME</a></tt> <tt class="py-op">=</tt> <tt class="py-string">"ctoken"</tt> </tt>
<a name="L37"></a><tt class="py-lineno"> 37</tt>  <tt class="py-line">    <tt id="link-4" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.ESAPI_STATE=esapi.http_utilities.HTTPUtilities-class.html#ESAPI_STATE"><a title="esapi.http_utilities.HTTPUtilities.ESAPI_STATE" class="py-name" href="#" onclick="return doclink('link-4', 'ESAPI_STATE', 'link-4');">ESAPI_STATE</a></tt> <tt class="py-op">=</tt> <tt class="py-string">"estate"</tt> </tt>
<a name="L38"></a><tt class="py-lineno"> 38</tt>  <tt class="py-line">    <tt id="link-5" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.SESSION_TOKEN_NAME=esapi.http_utilities.HTTPUtilities-class.html#SESSION_TOKEN_NAME"><a title="esapi.http_utilities.HTTPUtilities.SESSION_TOKEN_NAME" class="py-name" href="#" onclick="return doclink('link-5', 'SESSION_TOKEN_NAME', 'link-5');">SESSION_TOKEN_NAME</a></tt> <tt class="py-op">=</tt> <tt class="py-string">"JSESSIONID"</tt> </tt>
<a name="L39"></a><tt class="py-lineno"> 39</tt>  <tt class="py-line">     </tt>
<a name="L40"></a><tt class="py-lineno"> 40</tt>  <tt class="py-line">    <tt id="link-6" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.PARAMETER=esapi.http_utilities.HTTPUtilities-class.html#PARAMETER"><a title="esapi.http_utilities.HTTPUtilities.PARAMETER" class="py-name" href="#" onclick="return doclink('link-6', 'PARAMETER', 'link-6');">PARAMETER</a></tt> <tt class="py-op">=</tt> <tt class="py-number">0</tt> </tt>
<a name="L41"></a><tt class="py-lineno"> 41</tt>  <tt class="py-line">    <tt id="link-7" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.HEADER=esapi.http_utilities.HTTPUtilities-class.html#HEADER"><a title="esapi.http_utilities.HTTPUtilities.HEADER" class="py-name" href="#" onclick="return doclink('link-7', 'HEADER', 'link-7');">HEADER</a></tt> <tt class="py-op">=</tt> <tt class="py-number">1</tt> </tt>
<a name="L42"></a><tt class="py-lineno"> 42</tt>  <tt class="py-line">    <tt id="link-8" class="py-name" targets="Variable esapi.http_utilities.HTTPUtilities.COOKIE=esapi.http_utilities.HTTPUtilities-class.html#COOKIE"><a title="esapi.http_utilities.HTTPUtilities.COOKIE" class="py-name" href="#" onclick="return doclink('link-8', 'COOKIE', 'link-8');">COOKIE</a></tt> <tt class="py-op">=</tt> <tt class="py-number">2</tt> </tt>
<a name="L43"></a><tt class="py-lineno"> 43</tt>  <tt class="py-line">     </tt>
<a name="HTTPUtilities.__init__"></a><div id="HTTPUtilities.__init__-def"><a name="L44"></a><tt class="py-lineno"> 44</tt> <a class="py-toggle" href="#" id="HTTPUtilities.__init__-toggle" onclick="return toggle('HTTPUtilities.__init__');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#__init__">__init__</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.__init__-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.__init__-expanded"><a name="L45"></a><tt class="py-lineno"> 45</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L46"></a><tt class="py-lineno"> 46</tt>  <tt class="py-line">     </tt>
<a name="HTTPUtilities.add_cookie"></a><div id="HTTPUtilities.add_cookie-def"><a name="L47"></a><tt class="py-lineno"> 47</tt> <a class="py-toggle" href="#" id="HTTPUtilities.add_cookie-toggle" onclick="return toggle('HTTPUtilities.add_cookie');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#add_cookie">add_cookie</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-op">**</tt><tt class="py-param">kwargs</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.add_cookie-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.add_cookie-expanded"><a name="L48"></a><tt class="py-lineno"> 48</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L49"></a><tt class="py-lineno"> 49</tt>  <tt class="py-line"><tt class="py-docstring">        If response is None, response refers to the current response.</tt> </tt>
<a name="L50"></a><tt class="py-lineno"> 50</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L51"></a><tt class="py-lineno"> 51</tt>  <tt class="py-line"><tt class="py-docstring">        This method is intended to be called with keyword arguments the same</tt> </tt>
<a name="L52"></a><tt class="py-lineno"> 52</tt>  <tt class="py-line"><tt class="py-docstring">        as Django or Pylons/WebOb set_cookie().</tt> </tt>
<a name="L53"></a><tt class="py-lineno"> 53</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L54"></a><tt class="py-lineno"> 54</tt>  <tt class="py-line"><tt class="py-docstring">        add_cookie(key, value='', max_age=None, path='/', domain=None,</tt> </tt>
<a name="L55"></a><tt class="py-lineno"> 55</tt>  <tt class="py-line"><tt class="py-docstring">        secure=None, httponly=False, version=None, comment=None, expires=None)</tt> </tt>
<a name="L56"></a><tt class="py-lineno"> 56</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L57"></a><tt class="py-lineno"> 57</tt>  <tt class="py-line"><tt class="py-docstring">        Adds a cookie to the response after ensuring that there are no encoded</tt> </tt>
<a name="L58"></a><tt class="py-lineno"> 58</tt>  <tt class="py-line"><tt class="py-docstring">        or illegal characters in the name and value. This method sets the</tt> </tt>
<a name="L59"></a><tt class="py-lineno"> 59</tt>  <tt class="py-line"><tt class="py-docstring">        secure and HttpOnly flags on the cookie if they are to be forced,</tt> </tt>
<a name="L60"></a><tt class="py-lineno"> 60</tt>  <tt class="py-line"><tt class="py-docstring">        according to SecurityConfiguration.get_force_secure_cookies() and</tt> </tt>
<a name="L61"></a><tt class="py-lineno"> 61</tt>  <tt class="py-line"><tt class="py-docstring">        get_force_http_only_cookies().</tt> </tt>
<a name="L62"></a><tt class="py-lineno"> 62</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L63"></a><tt class="py-lineno"> 63</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional parameter to specify the response to add the</tt> </tt>
<a name="L64"></a><tt class="py-lineno"> 64</tt>  <tt class="py-line"><tt class="py-docstring">            cookie to. Defaults to the current response.</tt> </tt>
<a name="L65"></a><tt class="py-lineno"> 65</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L66"></a><tt class="py-lineno"> 66</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L67"></a><tt class="py-lineno"> 67</tt>  <tt class="py-line">             </tt>
<a name="HTTPUtilities.add_csrf_token"></a><div id="HTTPUtilities.add_csrf_token-def"><a name="L68"></a><tt class="py-lineno"> 68</tt> <a class="py-toggle" href="#" id="HTTPUtilities.add_csrf_token-toggle" onclick="return toggle('HTTPUtilities.add_csrf_token');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#add_csrf_token">add_csrf_token</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">href</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.add_csrf_token-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.add_csrf_token-expanded"><a name="L69"></a><tt class="py-lineno"> 69</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L70"></a><tt class="py-lineno"> 70</tt>  <tt class="py-line"><tt class="py-docstring">        Adds the current user's CSRF token to the URL to prevent CSRF attacks.</tt> </tt>
<a name="L71"></a><tt class="py-lineno"> 71</tt>  <tt class="py-line"><tt class="py-docstring">        Use this method on every URL the application puts into links and forms.</tt> </tt>
<a name="L72"></a><tt class="py-lineno"> 72</tt>  <tt class="py-line"><tt class="py-docstring">        Note: a token placed in a URL may be logged, bookmarked, or sent in the referrer header.</tt> </tt>
<a name="L73"></a><tt class="py-lineno"> 73</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L74"></a><tt class="py-lineno"> 74</tt>  <tt class="py-line"><tt class="py-docstring">        @param href: the URL to which the CSRF token will be appended</tt> </tt>
<a name="L75"></a><tt class="py-lineno"> 75</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the updated URL with the CSRF token parameter added</tt> </tt>
<a name="L76"></a><tt class="py-lineno"> 76</tt>  <tt class="py-line"><tt class="py-docstring">        @see: L{esapi.user.get_csrf_token}</tt> </tt>
<a name="L77"></a><tt class="py-lineno"> 77</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L78"></a><tt class="py-lineno"> 78</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L79"></a><tt class="py-lineno"> 79</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.add_header"></a><div id="HTTPUtilities.add_header-def"><a name="L80"></a><tt class="py-lineno"> 80</tt> <a class="py-toggle" href="#" id="HTTPUtilities.add_header-toggle" onclick="return toggle('HTTPUtilities.add_header');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#add_header">add_header</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">name</tt><tt class="py-op">,</tt> <tt class="py-param">value</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.add_header-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.add_header-expanded"><a name="L81"></a><tt class="py-lineno"> 81</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L82"></a><tt class="py-lineno"> 82</tt>  <tt class="py-line"><tt class="py-docstring">        If response is None, response refers to the current response.</tt> </tt>
<a name="L83"></a><tt class="py-lineno"> 83</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L84"></a><tt class="py-lineno"> 84</tt>  <tt class="py-line"><tt class="py-docstring">        Add a header to the response after ensuring that there are no encoded</tt> </tt>
<a name="L85"></a><tt class="py-lineno"> 85</tt>  <tt class="py-line"><tt class="py-docstring">        or illegal characters in the name and value. This implementation </tt> </tt>
<a name="L86"></a><tt class="py-lineno"> 86</tt>  <tt class="py-line"><tt class="py-docstring">        follows this RFC 2616 recommendation: "A recipient MAY replace any</tt> </tt>
<a name="L87"></a><tt class="py-lineno"> 87</tt>  <tt class="py-line"><tt class="py-docstring">        linear white space with a single SP before interpreting the field value</tt> </tt>
<a name="L88"></a><tt class="py-lineno"> 88</tt>  <tt class="py-line"><tt class="py-docstring">        or forwarding the message downstream."</tt> </tt>
<a name="L89"></a><tt class="py-lineno"> 89</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L90"></a><tt class="py-lineno"> 90</tt>  <tt class="py-line"><tt class="py-docstring">        @see: U{http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2}</tt> </tt>
<a name="L91"></a><tt class="py-lineno"> 91</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response the header will be appended to.</tt> </tt>
<a name="L92"></a><tt class="py-lineno"> 92</tt>  <tt class="py-line"><tt class="py-docstring">            Defaults to the current response.</tt> </tt>
<a name="L93"></a><tt class="py-lineno"> 93</tt>  <tt class="py-line"><tt class="py-docstring">        @param name: the header name</tt> </tt>
<a name="L94"></a><tt class="py-lineno"> 94</tt>  <tt class="py-line"><tt class="py-docstring">        @param value: the value of the header</tt> </tt>
<a name="L95"></a><tt class="py-lineno"> 95</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L96"></a><tt class="py-lineno"> 96</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L97"></a><tt class="py-lineno"> 97</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.assert_secure_request"></a><div id="HTTPUtilities.assert_secure_request-def"><a name="L98"></a><tt class="py-lineno"> 98</tt> <a class="py-toggle" href="#" id="HTTPUtilities.assert_secure_request-toggle" onclick="return toggle('HTTPUtilities.assert_secure_request');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#assert_secure_request">assert_secure_request</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.assert_secure_request-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.assert_secure_request-expanded"><a name="L99"></a><tt class="py-lineno"> 99</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L100"></a><tt class="py-lineno">100</tt>  <tt class="py-line"><tt class="py-docstring">        If request is None, request refers to the current request.</tt> </tt>
<a name="L101"></a><tt class="py-lineno">101</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L102"></a><tt class="py-lineno">102</tt>  <tt class="py-line"><tt class="py-docstring">        Ensures that the request uses SSL and POST, which keeps sensitive</tt> </tt>
<a name="L103"></a><tt class="py-lineno">103</tt>  <tt class="py-line"><tt class="py-docstring">        parameters out of the querystring and protects them from being sniffed,</tt> </tt>
<a name="L104"></a><tt class="py-lineno">104</tt>  <tt class="py-line"><tt class="py-docstring">        logged, bookmarked, included in the referrer header, etc.</tt> </tt>
<a name="L105"></a><tt class="py-lineno">105</tt>  <tt class="py-line"><tt class="py-docstring">        This method should be called for any request that contains sensitive</tt> </tt>
<a name="L106"></a><tt class="py-lineno">106</tt>  <tt class="py-line"><tt class="py-docstring">        data from a web form.</tt> </tt>
<a name="L107"></a><tt class="py-lineno">107</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L108"></a><tt class="py-lineno">108</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional parameter to specify the request to check.</tt> </tt>
<a name="L109"></a><tt class="py-lineno">109</tt>  <tt class="py-line"><tt class="py-docstring">            Defaults to the current request.</tt> </tt>
<a name="L110"></a><tt class="py-lineno">110</tt>  <tt class="py-line"><tt class="py-docstring">        @raises AccessControlException: if security constraints are not met</tt> </tt>
<a name="L111"></a><tt class="py-lineno">111</tt>  <tt class="py-line"><tt class="py-docstring">        @see: L{HTTPUtilities.set_current_http}</tt> </tt>
<a name="L112"></a><tt class="py-lineno">112</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L113"></a><tt class="py-lineno">113</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L114"></a><tt class="py-lineno">114</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.change_session_identifier"></a><div id="HTTPUtilities.change_session_identifier-def"><a name="L115"></a><tt class="py-lineno">115</tt> <a class="py-toggle" href="#" id="HTTPUtilities.change_session_identifier-toggle" onclick="return toggle('HTTPUtilities.change_session_identifier');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#change_session_identifier">change_session_identifier</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.change_session_identifier-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.change_session_identifier-expanded"><a name="L116"></a><tt class="py-lineno">116</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L117"></a><tt class="py-lineno">117</tt>  <tt class="py-line"><tt class="py-docstring">        If request is None, request refers to the current request.</tt> </tt>
<a name="L118"></a><tt class="py-lineno">118</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L119"></a><tt class="py-lineno">119</tt>  <tt class="py-line"><tt class="py-docstring">        Invalidate the existing session after copying all of its content to a</tt> </tt>
<a name="L120"></a><tt class="py-lineno">120</tt>  <tt class="py-line"><tt class="py-docstring">        newly created session with a new session id.</tt> </tt>
<a name="L121"></a><tt class="py-lineno">121</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L122"></a><tt class="py-lineno">122</tt>  <tt class="py-line"><tt class="py-docstring">        Note that this is different from logging out and creating a new session</tt> </tt>
<a name="L123"></a><tt class="py-lineno">123</tt>  <tt class="py-line"><tt class="py-docstring">        identifier that does not contain the existing session contents. Care</tt> </tt>
<a name="L124"></a><tt class="py-lineno">124</tt>  <tt class="py-line"><tt class="py-docstring">        should be taken to use this only when the existing session does not </tt> </tt>
<a name="L125"></a><tt class="py-lineno">125</tt>  <tt class="py-line"><tt class="py-docstring">        contain hazardous contents.</tt> </tt>
<a name="L126"></a><tt class="py-lineno">126</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L127"></a><tt class="py-lineno">127</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional parameter to specify the request. Defaults</tt> </tt>
<a name="L128"></a><tt class="py-lineno">128</tt>  <tt class="py-line"><tt class="py-docstring">            to the current request.</tt> </tt>
<a name="L129"></a><tt class="py-lineno">129</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the new HTTPSession with a changed id</tt> </tt>
<a name="L130"></a><tt class="py-lineno">130</tt>  <tt class="py-line"><tt class="py-docstring">        @raises AuthenticationException:</tt> </tt>
<a name="L131"></a><tt class="py-lineno">131</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L132"></a><tt class="py-lineno">132</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L133"></a><tt class="py-lineno">133</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.clear_current"></a><div id="HTTPUtilities.clear_current-def"><a name="L134"></a><tt class="py-lineno">134</tt> <a class="py-toggle" href="#" id="HTTPUtilities.clear_current-toggle" onclick="return toggle('HTTPUtilities.clear_current');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#clear_current">clear_current</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.clear_current-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.clear_current-expanded"><a name="L135"></a><tt class="py-lineno">135</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L136"></a><tt class="py-lineno">136</tt>  <tt class="py-line"><tt class="py-docstring">        Clears the current HttpRequest and HttpResponse associated with the</tt> </tt>
<a name="L137"></a><tt class="py-lineno">137</tt>  <tt class="py-line"><tt class="py-docstring">        current thread.</tt> </tt>
<a name="L138"></a><tt class="py-lineno">138</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L139"></a><tt class="py-lineno">139</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L140"></a><tt class="py-lineno">140</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.decrypt_hidden_field"></a><div id="HTTPUtilities.decrypt_hidden_field-def"><a name="L141"></a><tt class="py-lineno">141</tt> <a class="py-toggle" href="#" id="HTTPUtilities.decrypt_hidden_field-toggle" onclick="return toggle('HTTPUtilities.decrypt_hidden_field');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#decrypt_hidden_field">decrypt_hidden_field</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">encrypted</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.decrypt_hidden_field-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.decrypt_hidden_field-expanded"><a name="L142"></a><tt class="py-lineno">142</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L143"></a><tt class="py-lineno">143</tt>  <tt class="py-line"><tt class="py-docstring">        Decrypts an encrypted hidden field value and returns the cleartext.</tt> </tt>
<a name="L144"></a><tt class="py-lineno">144</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L145"></a><tt class="py-lineno">145</tt>  <tt class="py-line"><tt class="py-docstring">        @raises IntrusionException: If the field does not decrypt properly,</tt> </tt>
<a name="L146"></a><tt class="py-lineno">146</tt>  <tt class="py-line"><tt class="py-docstring">            indicating possible tampering.</tt> </tt>
<a name="L147"></a><tt class="py-lineno">147</tt>  <tt class="py-line"><tt class="py-docstring">        @param encrypted: the hidden field to decrypt</tt> </tt>
<a name="L148"></a><tt class="py-lineno">148</tt>  <tt class="py-line"><tt class="py-docstring">        @return: decrypted hidden field</tt> </tt>
<a name="L149"></a><tt class="py-lineno">149</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L150"></a><tt class="py-lineno">150</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L151"></a><tt class="py-lineno">151</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.decrypt_query_string"></a><div id="HTTPUtilities.decrypt_query_string-def"><a name="L152"></a><tt class="py-lineno">152</tt> <a class="py-toggle" href="#" id="HTTPUtilities.decrypt_query_string-toggle" onclick="return toggle('HTTPUtilities.decrypt_query_string');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#decrypt_query_string">decrypt_query_string</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">encrypted</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.decrypt_query_string-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.decrypt_query_string-expanded"><a name="L153"></a><tt class="py-lineno">153</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L154"></a><tt class="py-lineno">154</tt>  <tt class="py-line"><tt class="py-docstring">        Takes an encrypted querystring and returns a dictionary containing the</tt> </tt>
<a name="L155"></a><tt class="py-lineno">155</tt>  <tt class="py-line"><tt class="py-docstring">        original parameters.</tt> </tt>
<a name="L156"></a><tt class="py-lineno">156</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L157"></a><tt class="py-lineno">157</tt>  <tt class="py-line"><tt class="py-docstring">        @param encrypted: the encrypted querystring</tt> </tt>
<a name="L158"></a><tt class="py-lineno">158</tt>  <tt class="py-line"><tt class="py-docstring">        @return: a dict containing the decrypted querystring</tt> </tt>
<a name="L159"></a><tt class="py-lineno">159</tt>  <tt class="py-line"><tt class="py-docstring">        @raises EncryptionException: when something goes wrong with decryption</tt> </tt>
<a name="L160"></a><tt class="py-lineno">160</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L161"></a><tt class="py-lineno">161</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L162"></a><tt class="py-lineno">162</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.decrypt_state_from_cookie"></a><div id="HTTPUtilities.decrypt_state_from_cookie-def"><a name="L163"></a><tt class="py-lineno">163</tt> <a class="py-toggle" href="#" id="HTTPUtilities.decrypt_state_from_cookie-toggle" onclick="return toggle('HTTPUtilities.decrypt_state_from_cookie');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#decrypt_state_from_cookie">decrypt_state_from_cookie</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.decrypt_state_from_cookie-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.decrypt_state_from_cookie-expanded"><a name="L164"></a><tt class="py-lineno">164</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L165"></a><tt class="py-lineno">165</tt>  <tt class="py-line"><tt class="py-docstring">        If request is None, request refers to the current request.</tt> </tt>
<a name="L166"></a><tt class="py-lineno">166</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L167"></a><tt class="py-lineno">167</tt>  <tt class="py-line"><tt class="py-docstring">        Retrieves a dict of data from a cookie encrypted with</tt> </tt>
<a name="L168"></a><tt class="py-lineno">168</tt>  <tt class="py-line"><tt class="py-docstring">        encrypt_state_in_cookie().</tt> </tt>
<a name="L169"></a><tt class="py-lineno">169</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L170"></a><tt class="py-lineno">170</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional parameter specifying the request to look for</tt> </tt>
<a name="L171"></a><tt class="py-lineno">171</tt>  <tt class="py-line"><tt class="py-docstring">            cookies in.</tt> </tt>
<a name="L172"></a><tt class="py-lineno">172</tt>  <tt class="py-line"><tt class="py-docstring">        @return: A dictionary containing the decrypted cookie state value</tt> </tt>
<a name="L173"></a><tt class="py-lineno">173</tt>  <tt class="py-line"><tt class="py-docstring">        @raises EncryptionException: when something goes wrong with decryption.</tt> </tt>
<a name="L174"></a><tt class="py-lineno">174</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L175"></a><tt class="py-lineno">175</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L176"></a><tt class="py-lineno">176</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.encrypt_hidden_field"></a><div id="HTTPUtilities.encrypt_hidden_field-def"><a name="L177"></a><tt class="py-lineno">177</tt> <a class="py-toggle" href="#" id="HTTPUtilities.encrypt_hidden_field-toggle" onclick="return toggle('HTTPUtilities.encrypt_hidden_field');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#encrypt_hidden_field">encrypt_hidden_field</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">value</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.encrypt_hidden_field-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.encrypt_hidden_field-expanded"><a name="L178"></a><tt class="py-lineno">178</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L179"></a><tt class="py-lineno">179</tt>  <tt class="py-line"><tt class="py-docstring">        Encrypts a hidden field for use in HTML.</tt> </tt>
<a name="L180"></a><tt class="py-lineno">180</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L181"></a><tt class="py-lineno">181</tt>  <tt class="py-line"><tt class="py-docstring">        @param value: the cleartext value of the hidden field</tt> </tt>
<a name="L182"></a><tt class="py-lineno">182</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the encrypted value of the hidden field</tt> </tt>
<a name="L183"></a><tt class="py-lineno">183</tt>  <tt class="py-line"><tt class="py-docstring">        @raises EncryptionException: when something goes wrong with encryption.</tt> </tt>
<a name="L184"></a><tt class="py-lineno">184</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L185"></a><tt class="py-lineno">185</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L186"></a><tt class="py-lineno">186</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.encrypt_query_string"></a><div id="HTTPUtilities.encrypt_query_string-def"><a name="L187"></a><tt class="py-lineno">187</tt> <a class="py-toggle" href="#" id="HTTPUtilities.encrypt_query_string-toggle" onclick="return toggle('HTTPUtilities.encrypt_query_string');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#encrypt_query_string">encrypt_query_string</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">query</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.encrypt_query_string-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.encrypt_query_string-expanded"><a name="L188"></a><tt class="py-lineno">188</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L189"></a><tt class="py-lineno">189</tt>  <tt class="py-line"><tt class="py-docstring">        Takes the querystring (everything after the question mark in the URL)</tt> </tt>
<a name="L190"></a><tt class="py-lineno">190</tt>  <tt class="py-line"><tt class="py-docstring">        and returns an encrypted string containing the parameters.</tt> </tt>
<a name="L191"></a><tt class="py-lineno">191</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L192"></a><tt class="py-lineno">192</tt>  <tt class="py-line"><tt class="py-docstring">        @param query: the querystring to encrypt</tt> </tt>
<a name="L193"></a><tt class="py-lineno">193</tt>  <tt class="py-line"><tt class="py-docstring">        @return: encrypted querystring stored as string</tt> </tt>
<a name="L194"></a><tt class="py-lineno">194</tt>  <tt class="py-line"><tt class="py-docstring">        @raises EncryptionException: when something goes wrong with encryption.</tt> </tt>
<a name="L195"></a><tt class="py-lineno">195</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L196"></a><tt class="py-lineno">196</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L197"></a><tt class="py-lineno">197</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.encrypt_state_in_cookie"></a><div id="HTTPUtilities.encrypt_state_in_cookie-def"><a name="L198"></a><tt class="py-lineno">198</tt> <a class="py-toggle" href="#" id="HTTPUtilities.encrypt_state_in_cookie-toggle" onclick="return toggle('HTTPUtilities.encrypt_state_in_cookie');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#encrypt_state_in_cookie">encrypt_state_in_cookie</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">cleartext</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.encrypt_state_in_cookie-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.encrypt_state_in_cookie-expanded"><a name="L199"></a><tt class="py-lineno">199</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L200"></a><tt class="py-lineno">200</tt>  <tt class="py-line"><tt class="py-docstring">        If response is None, response refers to the current response.</tt> </tt>
<a name="L201"></a><tt class="py-lineno">201</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L202"></a><tt class="py-lineno">202</tt>  <tt class="py-line"><tt class="py-docstring">        Stores the name-value pairs from the cleartext in an encrypted cookie.</tt> </tt>
<a name="L203"></a><tt class="py-lineno">203</tt>  <tt class="py-line"><tt class="py-docstring">        Generally the session is a better place to store state information,</tt> </tt>
<a name="L204"></a><tt class="py-lineno">204</tt>  <tt class="py-line"><tt class="py-docstring">        as it does not expose it to the user at all. If there is a requirement</tt> </tt>
<a name="L205"></a><tt class="py-lineno">205</tt>  <tt class="py-line"><tt class="py-docstring">        not to use sessions, or the data should be stored across sessions (for</tt> </tt>
<a name="L206"></a><tt class="py-lineno">206</tt>  <tt class="py-line"><tt class="py-docstring">        a long time), the use of encrypted cookies is an effective way to </tt> </tt>
<a name="L207"></a><tt class="py-lineno">207</tt>  <tt class="py-line"><tt class="py-docstring">        prevent the exposure.</tt> </tt>
<a name="L208"></a><tt class="py-lineno">208</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L209"></a><tt class="py-lineno">209</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional parameter specifying the response to put the</tt> </tt>
<a name="L210"></a><tt class="py-lineno">210</tt>  <tt class="py-line"><tt class="py-docstring">            encrypted cookie in. Defaults to the current response.</tt> </tt>
<a name="L211"></a><tt class="py-lineno">211</tt>  <tt class="py-line"><tt class="py-docstring">        @param cleartext: a dictionary containing the state information.</tt> </tt>
<a name="L212"></a><tt class="py-lineno">212</tt>  <tt class="py-line"><tt class="py-docstring">        @raises EncryptionException: when something goes wrong in encryption.</tt> </tt>
<a name="L213"></a><tt class="py-lineno">213</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L214"></a><tt class="py-lineno">214</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L215"></a><tt class="py-lineno">215</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.get_cookie"></a><div id="HTTPUtilities.get_cookie-def"><a name="L216"></a><tt class="py-lineno">216</tt> <a class="py-toggle" href="#" id="HTTPUtilities.get_cookie-toggle" onclick="return toggle('HTTPUtilities.get_cookie');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#get_cookie">get_cookie</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">name</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.get_cookie-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.get_cookie-expanded"><a name="L217"></a><tt class="py-lineno">217</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L218"></a><tt class="py-lineno">218</tt>  <tt class="py-line"><tt class="py-docstring">        If request is None, request refers to the current request.</tt> </tt>
<a name="L219"></a><tt class="py-lineno">219</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L220"></a><tt class="py-lineno">220</tt>  <tt class="py-line"><tt class="py-docstring">        A safer way to access cookies. This method returns the canonicalized</tt> </tt>
<a name="L221"></a><tt class="py-lineno">221</tt>  <tt class="py-line"><tt class="py-docstring">        value of the named cookie after "global" validation against the general</tt> </tt>
<a name="L222"></a><tt class="py-lineno">222</tt>  <tt class="py-line"><tt class="py-docstring">        type defined in esapi.conf.settings. This should not be considered a</tt> </tt>
<a name="L223"></a><tt class="py-lineno">223</tt>  <tt class="py-line"><tt class="py-docstring">        replacement for more specific validation.</tt> </tt>
<a name="L224"></a><tt class="py-lineno">224</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L225"></a><tt class="py-lineno">225</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional parameter to specify the request. Defaults to</tt> </tt>
<a name="L226"></a><tt class="py-lineno">226</tt>  <tt class="py-line"><tt class="py-docstring">            the current request.</tt> </tt>
<a name="L227"></a><tt class="py-lineno">227</tt>  <tt class="py-line"><tt class="py-docstring">        @param name: the name of the cookie</tt> </tt>
<a name="L228"></a><tt class="py-lineno">228</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the requested cookie value</tt> </tt>
<a name="L229"></a><tt class="py-lineno">229</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L230"></a><tt class="py-lineno">230</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L231"></a><tt class="py-lineno">231</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.get_csrf_token"></a><div id="HTTPUtilities.get_csrf_token-def"><a name="L232"></a><tt class="py-lineno">232</tt> <a class="py-toggle" href="#" id="HTTPUtilities.get_csrf_token-toggle" onclick="return toggle('HTTPUtilities.get_csrf_token');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#get_csrf_token">get_csrf_token</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.get_csrf_token-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.get_csrf_token-expanded"><a name="L233"></a><tt class="py-lineno">233</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L234"></a><tt class="py-lineno">234</tt>  <tt class="py-line"><tt class="py-docstring">        Returns the current user's CSRF token. If there is no current user then</tt> </tt>
<a name="L235"></a><tt class="py-lineno">235</tt>  <tt class="py-line"><tt class="py-docstring">        return None.</tt> </tt>
<a name="L236"></a><tt class="py-lineno">236</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L237"></a><tt class="py-lineno">237</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the current user's CSRF token.</tt> </tt>
<a name="L238"></a><tt class="py-lineno">238</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L239"></a><tt class="py-lineno">239</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L240"></a><tt class="py-lineno">240</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.get_current_request"></a><div id="HTTPUtilities.get_current_request-def"><a name="L241"></a><tt class="py-lineno">241</tt> <a class="py-toggle" href="#" id="HTTPUtilities.get_current_request-toggle" onclick="return toggle('HTTPUtilities.get_current_request');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#get_current_request">get_current_request</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.get_current_request-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.get_current_request-expanded"><a name="L242"></a><tt class="py-lineno">242</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L243"></a><tt class="py-lineno">243</tt>  <tt class="py-line"><tt class="py-docstring">        Retrieves the current request.</tt> </tt>
<a name="L244"></a><tt class="py-lineno">244</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L245"></a><tt class="py-lineno">245</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the current request</tt> </tt>
<a name="L246"></a><tt class="py-lineno">246</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L247"></a><tt class="py-lineno">247</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L248"></a><tt class="py-lineno">248</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.get_current_response"></a><div id="HTTPUtilities.get_current_response-def"><a name="L249"></a><tt class="py-lineno">249</tt> <a class="py-toggle" href="#" id="HTTPUtilities.get_current_response-toggle" onclick="return toggle('HTTPUtilities.get_current_response');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#get_current_response">get_current_response</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.get_current_response-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.get_current_response-expanded"><a name="L250"></a><tt class="py-lineno">250</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L251"></a><tt class="py-lineno">251</tt>  <tt class="py-line"><tt class="py-docstring">        Retrieves the current response.</tt> </tt>
<a name="L252"></a><tt class="py-lineno">252</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L253"></a><tt class="py-lineno">253</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the current response</tt> </tt>
<a name="L254"></a><tt class="py-lineno">254</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L255"></a><tt class="py-lineno">255</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L256"></a><tt class="py-lineno">256</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.get_file_uploads"></a><div id="HTTPUtilities.get_file_uploads-def"><a name="L257"></a><tt class="py-lineno">257</tt> <a class="py-toggle" href="#" id="HTTPUtilities.get_file_uploads-toggle" onclick="return toggle('HTTPUtilities.get_file_uploads');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#get_file_uploads">get_file_uploads</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-param">upload_dir</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-param">allowed_extensions</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.get_file_uploads-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.get_file_uploads-expanded"><a name="L258"></a><tt class="py-lineno">258</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L259"></a><tt class="py-lineno">259</tt>  <tt class="py-line"><tt class="py-docstring">        Extract the uploaded files from multipart HTTP requests.</tt> </tt>
<a name="L260"></a><tt class="py-lineno">260</tt>  <tt class="py-line"><tt class="py-docstring">        Implementations must check the content to ensure that it is safe before</tt> </tt>
<a name="L261"></a><tt class="py-lineno">261</tt>  <tt class="py-line"><tt class="py-docstring">        making a permanent copy on the local filesystem. Checks should include</tt> </tt>
<a name="L262"></a><tt class="py-lineno">262</tt>  <tt class="py-line"><tt class="py-docstring">        length and content checks, possibly virus checking, and path and name</tt> </tt>
<a name="L263"></a><tt class="py-lineno">263</tt>  <tt class="py-line"><tt class="py-docstring">        checks. Refer to the file checking methods in Validator for more</tt> </tt>
<a name="L264"></a><tt class="py-lineno">264</tt>  <tt class="py-line"><tt class="py-docstring">        information.</tt> </tt>
<a name="L265"></a><tt class="py-lineno">265</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L266"></a><tt class="py-lineno">266</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional parameter to specify the request. Defaults to</tt> </tt>
<a name="L267"></a><tt class="py-lineno">267</tt>  <tt class="py-line"><tt class="py-docstring">            the current request.</tt> </tt>
<a name="L268"></a><tt class="py-lineno">268</tt>  <tt class="py-line"><tt class="py-docstring">        @param upload_dir: Optional directory in which the uploaded file will</tt> </tt>
<a name="L269"></a><tt class="py-lineno">269</tt>  <tt class="py-line"><tt class="py-docstring">            be placed. Defaults to the default upload directory specified in</tt> </tt>
<a name="L270"></a><tt class="py-lineno">270</tt>  <tt class="py-line"><tt class="py-docstring">            esapi.conf.settings.</tt> </tt>
<a name="L271"></a><tt class="py-lineno">271</tt>  <tt class="py-line"><tt class="py-docstring">        @param allowed_extensions: An optional list of allowed extensions for </tt> </tt>
<a name="L272"></a><tt class="py-lineno">272</tt>  <tt class="py-line"><tt class="py-docstring">            the files. Defaults to the setting provided by SecurityConfiguration's</tt> </tt>
<a name="L273"></a><tt class="py-lineno">273</tt>  <tt class="py-line"><tt class="py-docstring">            get_allowed_file_extensions() method.</tt> </tt>
<a name="L274"></a><tt class="py-lineno">274</tt>  <tt class="py-line"><tt class="py-docstring">            </tt> </tt>
<a name="L275"></a><tt class="py-lineno">275</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the uploaded files (TODO: the return type is not specified here)</tt> </tt>
<a name="L276"></a><tt class="py-lineno">276</tt>  <tt class="py-line"><tt class="py-docstring">        @raises ValidationException: if the file fails validation.</tt> </tt>
<a name="L277"></a><tt class="py-lineno">277</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L278"></a><tt class="py-lineno">278</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L279"></a><tt class="py-lineno">279</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.get_header"></a><div id="HTTPUtilities.get_header-def"><a name="L280"></a><tt class="py-lineno">280</tt> <a class="py-toggle" href="#" id="HTTPUtilities.get_header-toggle" onclick="return toggle('HTTPUtilities.get_header');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#get_header">get_header</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">name</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.get_header-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.get_header-expanded"><a name="L281"></a><tt class="py-lineno">281</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L282"></a><tt class="py-lineno">282</tt>  <tt class="py-line"><tt class="py-docstring">        If request is None, request refers to the current request.</tt> </tt>
<a name="L283"></a><tt class="py-lineno">283</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L284"></a><tt class="py-lineno">284</tt>  <tt class="py-line"><tt class="py-docstring">        A safer way to access headers. This returns the canonicalized value</tt> </tt>
<a name="L285"></a><tt class="py-lineno">285</tt>  <tt class="py-line"><tt class="py-docstring">        of the named header after "global" validation against the general</tt> </tt>
<a name="L286"></a><tt class="py-lineno">286</tt>  <tt class="py-line"><tt class="py-docstring">        type defined in SecurityConfiguration settings. This should not be</tt> </tt>
<a name="L287"></a><tt class="py-lineno">287</tt>  <tt class="py-line"><tt class="py-docstring">        considered a replacement for more specific validation.</tt> </tt>
<a name="L288"></a><tt class="py-lineno">288</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L289"></a><tt class="py-lineno">289</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional request to get the header from. Defaults to</tt> </tt>
<a name="L290"></a><tt class="py-lineno">290</tt>  <tt class="py-line"><tt class="py-docstring">            the current request.</tt> </tt>
<a name="L291"></a><tt class="py-lineno">291</tt>  <tt class="py-line"><tt class="py-docstring">        @param name: the name of the header</tt> </tt>
<a name="L292"></a><tt class="py-lineno">292</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the requested header value</tt> </tt>
<a name="L293"></a><tt class="py-lineno">293</tt>  <tt class="py-line"><tt class="py-docstring">        @raises ValidationException: if the header fails validation</tt> </tt>
<a name="L294"></a><tt class="py-lineno">294</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L295"></a><tt class="py-lineno">295</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L296"></a><tt class="py-lineno">296</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.get_parameter"></a><div id="HTTPUtilities.get_parameter-def"><a name="L297"></a><tt class="py-lineno">297</tt> <a class="py-toggle" href="#" id="HTTPUtilities.get_parameter-toggle" onclick="return toggle('HTTPUtilities.get_parameter');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#get_parameter">get_parameter</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">name</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.get_parameter-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.get_parameter-expanded"><a name="L298"></a><tt class="py-lineno">298</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L299"></a><tt class="py-lineno">299</tt>  <tt class="py-line"><tt class="py-docstring">        If request is None, request refers to the current request.</tt> </tt>
<a name="L300"></a><tt class="py-lineno">300</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L301"></a><tt class="py-lineno">301</tt>  <tt class="py-line"><tt class="py-docstring">        A safer way to access parameters. This method returns the canonicalized</tt> </tt>
<a name="L302"></a><tt class="py-lineno">302</tt>  <tt class="py-line"><tt class="py-docstring">        value of the named parameter after "global" validation against the </tt> </tt>
<a name="L303"></a><tt class="py-lineno">303</tt>  <tt class="py-line"><tt class="py-docstring">        general type defined in SecurityConfiguration(). This should not be</tt> </tt>
<a name="L304"></a><tt class="py-lineno">304</tt>  <tt class="py-line"><tt class="py-docstring">        considered a replacement for more specific validation.</tt> </tt>
<a name="L305"></a><tt class="py-lineno">305</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L306"></a><tt class="py-lineno">306</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional request to get the parameter from. Defaults</tt> </tt>
<a name="L307"></a><tt class="py-lineno">307</tt>  <tt class="py-line"><tt class="py-docstring">            to the current request.</tt> </tt>
<a name="L308"></a><tt class="py-lineno">308</tt>  <tt class="py-line"><tt class="py-docstring">        @param name: the name of the parameter.</tt> </tt>
<a name="L309"></a><tt class="py-lineno">309</tt>  <tt class="py-line"><tt class="py-docstring">        @return: the requested parameter value.</tt> </tt>
<a name="L310"></a><tt class="py-lineno">310</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L311"></a><tt class="py-lineno">311</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L312"></a><tt class="py-lineno">312</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.kill_all_cookies"></a><div id="HTTPUtilities.kill_all_cookies-def"><a name="L313"></a><tt class="py-lineno">313</tt> <a class="py-toggle" href="#" id="HTTPUtilities.kill_all_cookies-toggle" onclick="return toggle('HTTPUtilities.kill_all_cookies');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#kill_all_cookies">kill_all_cookies</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.kill_all_cookies-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.kill_all_cookies-expanded"><a name="L314"></a><tt class="py-lineno">314</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L315"></a><tt class="py-lineno">315</tt>  <tt class="py-line"><tt class="py-docstring">        Kill all cookies received in the last request from the browser.</tt> </tt>
<a name="L316"></a><tt class="py-lineno">316</tt>  <tt class="py-line"><tt class="py-docstring">        Note that new cookies set by the application in this response may not</tt> </tt>
<a name="L317"></a><tt class="py-lineno">317</tt>  <tt class="py-line"><tt class="py-docstring">        be killed by this method.</tt> </tt>
<a name="L318"></a><tt class="py-lineno">318</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L319"></a><tt class="py-lineno">319</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional request to act upon. Defaults to the current</tt> </tt>
<a name="L320"></a><tt class="py-lineno">320</tt>  <tt class="py-line"><tt class="py-docstring">            request.</tt> </tt>
<a name="L321"></a><tt class="py-lineno">321</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response to act upon. Defaults to the current</tt> </tt>
<a name="L322"></a><tt class="py-lineno">322</tt>  <tt class="py-line"><tt class="py-docstring">            response.</tt> </tt>
<a name="L323"></a><tt class="py-lineno">323</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L324"></a><tt class="py-lineno">324</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L325"></a><tt class="py-lineno">325</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.kill_cookie"></a><div id="HTTPUtilities.kill_cookie-def"><a name="L326"></a><tt class="py-lineno">326</tt> <a class="py-toggle" href="#" id="HTTPUtilities.kill_cookie-toggle" onclick="return toggle('HTTPUtilities.kill_cookie');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#kill_cookie">kill_cookie</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">name</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.kill_cookie-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.kill_cookie-expanded"><a name="L327"></a><tt class="py-lineno">327</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L328"></a><tt class="py-lineno">328</tt>  <tt class="py-line"><tt class="py-docstring">        Kills the specified cookie by setting a new cookie that expires</tt> </tt>
<a name="L329"></a><tt class="py-lineno">329</tt>  <tt class="py-line"><tt class="py-docstring">        immediately. Note that this method does not delete new cookies that</tt> </tt>
<a name="L330"></a><tt class="py-lineno">330</tt>  <tt class="py-line"><tt class="py-docstring">        are being set by the application for this response.</tt> </tt>
<a name="L331"></a><tt class="py-lineno">331</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L332"></a><tt class="py-lineno">332</tt>  <tt class="py-line"><tt class="py-docstring">        @param name: the name of the cookie</tt> </tt>
<a name="L333"></a><tt class="py-lineno">333</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional request to act upon. Defaults to the current</tt> </tt>
<a name="L334"></a><tt class="py-lineno">334</tt>  <tt class="py-line"><tt class="py-docstring">            request.</tt> </tt>
<a name="L335"></a><tt class="py-lineno">335</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response to act upon. Defaults to the current</tt> </tt>
<a name="L336"></a><tt class="py-lineno">336</tt>  <tt class="py-line"><tt class="py-docstring">            response.</tt> </tt>
<a name="L337"></a><tt class="py-lineno">337</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L338"></a><tt class="py-lineno">338</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L339"></a><tt class="py-lineno">339</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.log_http_request"></a><div id="HTTPUtilities.log_http_request-def"><a name="L340"></a><tt class="py-lineno">340</tt> <a class="py-toggle" href="#" id="HTTPUtilities.log_http_request-toggle" onclick="return toggle('HTTPUtilities.log_http_request');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#log_http_request">log_http_request</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-param">logger</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-param">parameters_to_obfuscate</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.log_http_request-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.log_http_request-expanded"><a name="L341"></a><tt class="py-lineno">341</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L342"></a><tt class="py-lineno">342</tt>  <tt class="py-line"><tt class="py-docstring">        Format the source IP address, URL, URL parameters, and all form</tt> </tt>
<a name="L343"></a><tt class="py-lineno">343</tt>  <tt class="py-line"><tt class="py-docstring">        parameters into a string suitable for the log file. </tt> </tt>
<a name="L344"></a><tt class="py-lineno">344</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L345"></a><tt class="py-lineno">345</tt>  <tt class="py-line"><tt class="py-docstring">        The list of parameters to obfuscate should be specified in order to </tt> </tt>
<a name="L346"></a><tt class="py-lineno">346</tt>  <tt class="py-line"><tt class="py-docstring">        prevent sensitive information from being logged. If the list</tt> </tt>
<a name="L347"></a><tt class="py-lineno">347</tt>  <tt class="py-line"><tt class="py-docstring">        is not provided, then all parameters will be logged. If HTTP request </tt> </tt>
<a name="L348"></a><tt class="py-lineno">348</tt>  <tt class="py-line"><tt class="py-docstring">        logging is done in a central place, the parameters_to_obfuscate could</tt> </tt>
<a name="L349"></a><tt class="py-lineno">349</tt>  <tt class="py-line"><tt class="py-docstring">        be made a configuration parameter. We include it here in case different</tt> </tt>
<a name="L350"></a><tt class="py-lineno">350</tt>  <tt class="py-line"><tt class="py-docstring">        parts of the application need to obfuscate different parameters.</tt> </tt>
<a name="L351"></a><tt class="py-lineno">351</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L352"></a><tt class="py-lineno">352</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional request to act upon. Defaults to the current </tt> </tt>
<a name="L353"></a><tt class="py-lineno">353</tt>  <tt class="py-line"><tt class="py-docstring">            request.</tt> </tt>
<a name="L354"></a><tt class="py-lineno">354</tt>  <tt class="py-line"><tt class="py-docstring">        @param logger: Optional logger to write the request to. Defaults to the</tt> </tt>
<a name="L355"></a><tt class="py-lineno">355</tt>  <tt class="py-line"><tt class="py-docstring">            current logger.</tt> </tt>
<a name="L356"></a><tt class="py-lineno">356</tt>  <tt class="py-line"><tt class="py-docstring">        @param parameters_to_obfuscate: the sensitive parameters</tt> </tt>
<a name="L357"></a><tt class="py-lineno">357</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L358"></a><tt class="py-lineno">358</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L359"></a><tt class="py-lineno">359</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.send_redirect"></a><div id="HTTPUtilities.send_redirect-def"><a name="L360"></a><tt class="py-lineno">360</tt> <a class="py-toggle" href="#" id="HTTPUtilities.send_redirect-toggle" onclick="return toggle('HTTPUtilities.send_redirect');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#send_redirect">send_redirect</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">location</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.send_redirect-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.send_redirect-expanded"><a name="L361"></a><tt class="py-lineno">361</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L362"></a><tt class="py-lineno">362</tt>  <tt class="py-line"><tt class="py-docstring">        Performs a redirect to the given location. Beware that forwarding to</tt> </tt>
<a name="L363"></a><tt class="py-lineno">363</tt>  <tt class="py-line"><tt class="py-docstring">        publicly accessible resources can be dangerous, as the request will</tt> </tt>
<a name="L364"></a><tt class="py-lineno">364</tt>  <tt class="py-line"><tt class="py-docstring">        have already passed the URL-based access control check. This method</tt> </tt>
<a name="L365"></a><tt class="py-lineno">365</tt>  <tt class="py-line"><tt class="py-docstring">        ensures that you can only forward to non-publicly accessible resources.</tt> </tt>
<a name="L366"></a><tt class="py-lineno">366</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L367"></a><tt class="py-lineno">367</tt>  <tt class="py-line"><tt class="py-docstring">        @param location: the URL to forward to, including parameters</tt> </tt>
<a name="L368"></a><tt class="py-lineno">368</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response to act upon. Defaults to the current</tt> </tt>
<a name="L369"></a><tt class="py-lineno">369</tt>  <tt class="py-line"><tt class="py-docstring">            response.</tt> </tt>
<a name="L370"></a><tt class="py-lineno">370</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L371"></a><tt class="py-lineno">371</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L372"></a><tt class="py-lineno">372</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.set_content_type"></a><div id="HTTPUtilities.set_content_type-def"><a name="L373"></a><tt class="py-lineno">373</tt> <a class="py-toggle" href="#" id="HTTPUtilities.set_content_type-toggle" onclick="return toggle('HTTPUtilities.set_content_type');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#set_content_type">set_content_type</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.set_content_type-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.set_content_type-expanded"><a name="L374"></a><tt class="py-lineno">374</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L375"></a><tt class="py-lineno">375</tt>  <tt class="py-line"><tt class="py-docstring">        Set the content type character encoding header on every response in</tt> </tt>
<a name="L376"></a><tt class="py-lineno">376</tt>  <tt class="py-line"><tt class="py-docstring">        order to limit the ways in which input can be represented. This</tt> </tt>
<a name="L377"></a><tt class="py-lineno">377</tt>  <tt class="py-line"><tt class="py-docstring">        prevents malicious users from using encoding and multi-byte escape</tt> </tt>
<a name="L378"></a><tt class="py-lineno">378</tt>  <tt class="py-line"><tt class="py-docstring">        sequences to bypass input validation routines.</tt> </tt>
<a name="L379"></a><tt class="py-lineno">379</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L380"></a><tt class="py-lineno">380</tt>  <tt class="py-line"><tt class="py-docstring">        Implementations of this method should set the content type header to </tt> </tt>
<a name="L381"></a><tt class="py-lineno">381</tt>  <tt class="py-line"><tt class="py-docstring">        a safe value for your environment. The default is </tt> </tt>
<a name="L382"></a><tt class="py-lineno">382</tt>  <tt class="py-line"><tt class="py-docstring">        text/html; charset=UTF-8 character encoding, which is the default in</tt> </tt>
<a name="L383"></a><tt class="py-lineno">383</tt>  <tt class="py-line"><tt class="py-docstring">        early versions of HTML and HTTP. See U{RFC 2047&lt;http://ds.internic.net/rfc/rfc2045.txt&gt;}</tt> </tt>
<a name="L384"></a><tt class="py-lineno">384</tt>  <tt class="py-line"><tt class="py-docstring">        for more information about character encoding and MIME.</tt> </tt>
<a name="L385"></a><tt class="py-lineno">385</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L386"></a><tt class="py-lineno">386</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response to act upon. Defaults to the current</tt> </tt>
<a name="L387"></a><tt class="py-lineno">387</tt>  <tt class="py-line"><tt class="py-docstring">            response.</tt> </tt>
<a name="L388"></a><tt class="py-lineno">388</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
</div><a name="L389"></a><tt class="py-lineno">389</tt>  <tt class="py-line">        </tt>
<a name="HTTPUtilities.set_current_http"></a><div id="HTTPUtilities.set_current_http-def"><a name="L390"></a><tt class="py-lineno">390</tt> <a class="py-toggle" href="#" id="HTTPUtilities.set_current_http-toggle" onclick="return toggle('HTTPUtilities.set_current_http');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#set_current_http">set_current_http</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.set_current_http-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.set_current_http-expanded"><a name="L391"></a><tt class="py-lineno">391</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L392"></a><tt class="py-lineno">392</tt>  <tt class="py-line"><tt class="py-docstring">        Stores the current request and response so that they may be readily</tt> </tt>
<a name="L393"></a><tt class="py-lineno">393</tt>  <tt class="py-line"><tt class="py-docstring">        accessed throughout ESAPI (and elsewhere).</tt> </tt>
<a name="L394"></a><tt class="py-lineno">394</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L395"></a><tt class="py-lineno">395</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: the request</tt> </tt>
<a name="L396"></a><tt class="py-lineno">396</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: the response</tt> </tt>
<a name="L397"></a><tt class="py-lineno">397</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L398"></a><tt class="py-lineno">398</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L399"></a><tt class="py-lineno">399</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.set_header"></a><div id="HTTPUtilities.set_header-def"><a name="L400"></a><tt class="py-lineno">400</tt> <a class="py-toggle" href="#" id="HTTPUtilities.set_header-toggle" onclick="return toggle('HTTPUtilities.set_header');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#set_header">set_header</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">name</tt><tt class="py-op">,</tt> <tt class="py-param">value</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.set_header-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.set_header-expanded"><a name="L401"></a><tt class="py-lineno">401</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L402"></a><tt class="py-lineno">402</tt>  <tt class="py-line"><tt class="py-docstring">        Add a header to the response after ensuring that there are no encoded</tt> </tt>
<a name="L403"></a><tt class="py-lineno">403</tt>  <tt class="py-line"><tt class="py-docstring">        or illegal characters in the name and value. "A recipient MAY replace</tt> </tt>
<a name="L404"></a><tt class="py-lineno">404</tt>  <tt class="py-line"><tt class="py-docstring">        any linear whitespace with a single SP before interpreting the field</tt> </tt>
<a name="L405"></a><tt class="py-lineno">405</tt>  <tt class="py-line"><tt class="py-docstring">        value or forwarding the message downstream."</tt> </tt>
<a name="L406"></a><tt class="py-lineno">406</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L407"></a><tt class="py-lineno">407</tt>  <tt class="py-line"><tt class="py-docstring">        @see: U{RFC 2616&lt;http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2&gt;}</tt> </tt>
<a name="L408"></a><tt class="py-lineno">408</tt>  <tt class="py-line"><tt class="py-docstring">        @param name: the header's name</tt> </tt>
<a name="L409"></a><tt class="py-lineno">409</tt>  <tt class="py-line"><tt class="py-docstring">        @param value: the header's value</tt> </tt>
<a name="L410"></a><tt class="py-lineno">410</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response to act upon. Defaults to the current</tt> </tt>
<a name="L411"></a><tt class="py-lineno">411</tt>  <tt class="py-line"><tt class="py-docstring">            response.</tt> </tt>
<a name="L412"></a><tt class="py-lineno">412</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L413"></a><tt class="py-lineno">413</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L414"></a><tt class="py-lineno">414</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.set_no_cache_headers"></a><div id="HTTPUtilities.set_no_cache_headers-def"><a name="L415"></a><tt class="py-lineno">415</tt> <a class="py-toggle" href="#" id="HTTPUtilities.set_no_cache_headers-toggle" onclick="return toggle('HTTPUtilities.set_no_cache_headers');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#set_no_cache_headers">set_no_cache_headers</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.set_no_cache_headers-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.set_no_cache_headers-expanded"><a name="L416"></a><tt class="py-lineno">416</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L417"></a><tt class="py-lineno">417</tt>  <tt class="py-line"><tt class="py-docstring">        Set headers to protect sensitive information against being cached in</tt> </tt>
<a name="L418"></a><tt class="py-lineno">418</tt>  <tt class="py-line"><tt class="py-docstring">        the browser. Developers should make this call for any HTTP responses</tt> </tt>
<a name="L419"></a><tt class="py-lineno">419</tt>  <tt class="py-line"><tt class="py-docstring">        that contain any sensitive data that should not be cached within the</tt> </tt>
<a name="L420"></a><tt class="py-lineno">420</tt>  <tt class="py-line"><tt class="py-docstring">        browser or any intermediate proxies or caches. Implementations should</tt> </tt>
<a name="L421"></a><tt class="py-lineno">421</tt>  <tt class="py-line"><tt class="py-docstring">        set headers for the expected browsers. The safest approach is to set</tt> </tt>
<a name="L422"></a><tt class="py-lineno">422</tt>  <tt class="py-line"><tt class="py-docstring">        all relevant headers to their most restrictive setting. This includes:</tt> </tt>
<a name="L423"></a><tt class="py-lineno">423</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L424"></a><tt class="py-lineno">424</tt>  <tt class="py-line"><tt class="py-docstring">            - Cache-Control: no-store</tt> </tt>
<a name="L425"></a><tt class="py-lineno">425</tt>  <tt class="py-line"><tt class="py-docstring">            - Cache-Control: no-cache</tt> </tt>
<a name="L426"></a><tt class="py-lineno">426</tt>  <tt class="py-line"><tt class="py-docstring">            - Cache-Control: must-revalidate</tt> </tt>
<a name="L427"></a><tt class="py-lineno">427</tt>  <tt class="py-line"><tt class="py-docstring">            - Expires: -1</tt> </tt>
<a name="L428"></a><tt class="py-lineno">428</tt>  <tt class="py-line"><tt class="py-docstring">            </tt> </tt>
<a name="L429"></a><tt class="py-lineno">429</tt>  <tt class="py-line"><tt class="py-docstring">        Note that the header "pragma: no-cache" is intended only for use in</tt> </tt>
<a name="L430"></a><tt class="py-lineno">430</tt>  <tt class="py-line"><tt class="py-docstring">        HTTP requests, not HTTP responses. However, Microsoft has chosen to</tt> </tt>
<a name="L431"></a><tt class="py-lineno">431</tt>  <tt class="py-line"><tt class="py-docstring">        directly violate the standards, so we need to include that header </tt> </tt>
<a name="L432"></a><tt class="py-lineno">432</tt>  <tt class="py-line"><tt class="py-docstring">        here. For more information, refer to the relevant standards:</tt> </tt>
<a name="L433"></a><tt class="py-lineno">433</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L434"></a><tt class="py-lineno">434</tt>  <tt class="py-line"><tt class="py-docstring">            - U{HTTP/1.1 Cache-Control "no-cache"&lt;http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1&gt;}</tt> </tt>
<a name="L435"></a><tt class="py-lineno">435</tt>  <tt class="py-line"><tt class="py-docstring">            - U{HTTP/1.1 Cache-Control "no-store"&lt;http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2&gt;}</tt> </tt>
<a name="L436"></a><tt class="py-lineno">436</tt>  <tt class="py-line"><tt class="py-docstring">            - U{HTTP/1.0 Pragma "no-cache"&lt;http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32&gt;}</tt> </tt>
<a name="L437"></a><tt class="py-lineno">437</tt>  <tt class="py-line"><tt class="py-docstring">            - U{HTTP/1.0 Expires&lt;http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21&gt;}</tt> </tt>
<a name="L438"></a><tt class="py-lineno">438</tt>  <tt class="py-line"><tt class="py-docstring">            - U{IE 6 Caching Issues&lt;http://support.microsoft.com/kb/937479&gt;}</tt> </tt>
<a name="L439"></a><tt class="py-lineno">439</tt>  <tt class="py-line"><tt class="py-docstring">            - U{Microsoft directly violates specification for pragma: no-cache&lt;http://support.microsoft.com/kb/234067&gt;}</tt> </tt>
<a name="L440"></a><tt class="py-lineno">440</tt>  <tt class="py-line"><tt class="py-docstring">            - U{Firefox browser.cache.disk_cache_ssl&lt;https://developer.mozilla.org/en/Mozilla_Networking_Preferences#Cache&gt;}</tt> </tt>
<a name="L441"></a><tt class="py-lineno">441</tt>  <tt class="py-line"><tt class="py-docstring">            </tt> </tt>
<a name="L442"></a><tt class="py-lineno">442</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response to act upon. Defaults to the current</tt> </tt>
<a name="L443"></a><tt class="py-lineno">443</tt>  <tt class="py-line"><tt class="py-docstring">            response.</tt> </tt>
<a name="L444"></a><tt class="py-lineno">444</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L445"></a><tt class="py-lineno">445</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L446"></a><tt class="py-lineno">446</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.set_remember_token"></a><div id="HTTPUtilities.set_remember_token-def"><a name="L447"></a><tt class="py-lineno">447</tt> <a class="py-toggle" href="#" id="HTTPUtilities.set_remember_token-toggle" onclick="return toggle('HTTPUtilities.set_remember_token');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#set_remember_token">set_remember_token</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">password</tt><tt class="py-op">,</tt> <tt class="py-param">max_age</tt><tt class="py-op">,</tt> <tt class="py-param">domain</tt><tt class="py-op">,</tt> <tt class="py-param">path</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">,</tt> <tt class="py-param">response</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.set_remember_token-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.set_remember_token-expanded"><a name="L448"></a><tt class="py-lineno">448</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L449"></a><tt class="py-lineno">449</tt>  <tt class="py-line"><tt class="py-docstring">        Set a cookie containing the current user's remember me token for</tt> </tt>
<a name="L450"></a><tt class="py-lineno">450</tt>  <tt class="py-line"><tt class="py-docstring">        automatic authentication. The use of remember me tokens is generally</tt> </tt>
<a name="L451"></a><tt class="py-lineno">451</tt>  <tt class="py-line"><tt class="py-docstring">        not recommended, but this method will help do it as safely as possible.</tt> </tt>
<a name="L452"></a><tt class="py-lineno">452</tt>  <tt class="py-line"><tt class="py-docstring">        The user interface should warn the user that this should only be</tt> </tt>
<a name="L453"></a><tt class="py-lineno">453</tt>  <tt class="py-line"><tt class="py-docstring">        enabled on computers where no other users will have access.</tt> </tt>
<a name="L454"></a><tt class="py-lineno">454</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L455"></a><tt class="py-lineno">455</tt>  <tt class="py-line"><tt class="py-docstring">        Implementations should save the user's remember me data in an encrypted</tt> </tt>
<a name="L456"></a><tt class="py-lineno">456</tt>  <tt class="py-line"><tt class="py-docstring">        cookie and send it to the user.</tt> </tt>
<a name="L457"></a><tt class="py-lineno">457</tt>  <tt class="py-line"><tt class="py-docstring">        Any old remember me cookie should be destroyed first. Setting this</tt> </tt>
<a name="L458"></a><tt class="py-lineno">458</tt>  <tt class="py-line"><tt class="py-docstring">        cookie should keep the user logged in until max_age passes, the</tt> </tt>
<a name="L459"></a><tt class="py-lineno">459</tt>  <tt class="py-line"><tt class="py-docstring">        password is changed, or the cookie is deleted.</tt> </tt>
<a name="L460"></a><tt class="py-lineno">460</tt>  <tt class="py-line"><tt class="py-docstring">        If the cookie exists for the current user, it should automatically</tt> </tt>
<a name="L461"></a><tt class="py-lineno">461</tt>  <tt class="py-line"><tt class="py-docstring">        be used by ESAPI to log the user in, if the data is valid and not</tt> </tt>
<a name="L462"></a><tt class="py-lineno">462</tt>  <tt class="py-line"><tt class="py-docstring">        expired.</tt> </tt>
<a name="L463"></a><tt class="py-lineno">463</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L464"></a><tt class="py-lineno">464</tt>  <tt class="py-line"><tt class="py-docstring">        @param password: the user's password</tt> </tt>
<a name="L465"></a><tt class="py-lineno">465</tt>  <tt class="py-line"><tt class="py-docstring">        @param max_age: the length of time that the token should be valid for</tt> </tt>
<a name="L466"></a><tt class="py-lineno">466</tt>  <tt class="py-line"><tt class="py-docstring">            in relative seconds</tt> </tt>
<a name="L467"></a><tt class="py-lineno">467</tt>  <tt class="py-line"><tt class="py-docstring">        @param domain: the domain to restrict the token to or None</tt> </tt>
<a name="L468"></a><tt class="py-lineno">468</tt>  <tt class="py-line"><tt class="py-docstring">        @param path: the path to restrict the token to or None</tt> </tt>
<a name="L469"></a><tt class="py-lineno">469</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional request to act upon. Defaults to the current</tt> </tt>
<a name="L470"></a><tt class="py-lineno">470</tt>  <tt class="py-line"><tt class="py-docstring">            request.</tt> </tt>
<a name="L471"></a><tt class="py-lineno">471</tt>  <tt class="py-line"><tt class="py-docstring">        @param response: Optional response to act upon. Defaults to the current</tt> </tt>
<a name="L472"></a><tt class="py-lineno">472</tt>  <tt class="py-line"><tt class="py-docstring">            response.</tt> </tt>
<a name="L473"></a><tt class="py-lineno">473</tt>  <tt class="py-line"><tt class="py-docstring">        @return: Encrypted "Remember me" token stored as string</tt> </tt>
<a name="L474"></a><tt class="py-lineno">474</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L475"></a><tt class="py-lineno">475</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L476"></a><tt class="py-lineno">476</tt>  <tt class="py-line">         </tt>
<a name="HTTPUtilities.verify_csrf_token"></a><div id="HTTPUtilities.verify_csrf_token-def"><a name="L477"></a><tt class="py-lineno">477</tt> <a class="py-toggle" href="#" id="HTTPUtilities.verify_csrf_token-toggle" onclick="return toggle('HTTPUtilities.verify_csrf_token');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="esapi.http_utilities.HTTPUtilities-class.html#verify_csrf_token">verify_csrf_token</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">request</tt><tt class="py-op">=</tt><tt class="py-name">None</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="HTTPUtilities.verify_csrf_token-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="HTTPUtilities.verify_csrf_token-expanded"><a name="L478"></a><tt class="py-lineno">478</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L479"></a><tt class="py-lineno">479</tt>  <tt class="py-line"><tt class="py-docstring">        Checks the CSRF token in the URL against the user's CSRF token and</tt> </tt>
<a name="L480"></a><tt class="py-lineno">480</tt>  <tt class="py-line"><tt class="py-docstring">        raises an IntrusionException if it is missing or incorrect. Implementations should compare the tokens in constant time.</tt> </tt>
<a name="L481"></a><tt class="py-lineno">481</tt>  <tt class="py-line"><tt class="py-docstring">        </tt> </tt>
<a name="L482"></a><tt class="py-lineno">482</tt>  <tt class="py-line"><tt class="py-docstring">        @param request: Optional request to act upon. Defaults to the current</tt> </tt>
<a name="L483"></a><tt class="py-lineno">483</tt>  <tt class="py-line"><tt class="py-docstring">            request.</tt> </tt>
<a name="L484"></a><tt class="py-lineno">484</tt>  <tt class="py-line"><tt class="py-docstring">        @raises IntrusionException: if CSRF token is missing or incorrect</tt> </tt>
<a name="L485"></a><tt class="py-lineno">485</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L486"></a><tt class="py-lineno">486</tt>  <tt class="py-line">        <tt class="py-keyword">raise</tt> <tt class="py-name">NotImplementedError</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div></div><a name="L487"></a><tt class="py-lineno">487</tt>  <tt class="py-line"> </tt><script type="text/javascript">
<!--
expandto(location.href);
// -->
</script>
</pre>
</body>
</html>
